zhouyanming (Migrated from SEC-1254) said:
I have patched LogoutFilter before to use request.getHeader('Referer') for logoutSuccessUrl http://jira.springframework.org/browse/SEC-491
It need logoutSuccessUrl be empty to use such feature
please remove DEF_LOGOUT_SUCCESS_URL in LogoutBeanDefinitionParser leave it to LogoutFilter, LogoutFilter has default value "/"
Luke Taylor said:
The behaviour you describe no longer applies in the 3.0 codebase. The location is determined by the LogoutSuccessHandler. If you want to use the referer, rmove the element from the namespace and add a LogoutFilter which has a SimpleUrlLogoutSuccessHandler with the "referer" property set to "true".
Changing type and module. Not a bug - more a limitation of the namespace, which doesn't supoprt use of the referer as the destination.
I've added SEC-1291, to allow customization of the logout success handler, so you will be able to inject the required behaviour.